Bug 625399 - remmina exposes passwords to "ps"
Summary: remmina exposes passwords to "ps"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: remmina
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Christoph Wickert
QA Contact: Fedora Extras Quality Assurance
URL: https://sourceforge.net/tracker/?func...
Whiteboard:
Depends On:
Blocks:
 
Reported: 2010-08-19 10:20 UTC by Jason Haar
Modified: 2010-10-31 00:46 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-10-31 00:14:38 UTC
Type: ---
Embargoed:



Description Jason Haar 2010-08-19 10:20:52 UTC
Description of problem:

Says it all really. remmina uses the "-pPASSWORD" option in rdesktop instead of using "-p -" and passing the password on stdout, as tsclient does.

Version-Release number of selected component (if applicable):

remmina-0.7.5-1.fc12.i686

How reproducible:

Connect to an RDP client and then run "ps aux|grep rdesktop" in a terminal.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Christoph Wickert 2010-09-08 16:16:48 UTC
Thanks for your bug report. I have forwarded it to the upstream bug tracker at 
https://sourceforge.net/tracker/?func=detail&aid=3062032&group_id=278330&atid=1181674

Nevertheless I'll leave this one open until the problem is resolved.

Comment 2 Christoph Wickert 2010-10-31 00:14:38 UTC
Upstream has decided to not fix the issue as they have switched to freerdp now. I will try to bring the new version to Fedora soon.

Comment 3 Jason Haar 2010-10-31 00:31:36 UTC
Are you sure it's still a problem?

I'm now running F13, and "ps" shows

rdesktop -u user-name -d dom -p XXXXXXXXXXXXXX -a 24

...instead of the password. Maybe something changed in rdesktop to hide the password string?

This is with

rdesktop-1.6.0-7.fc12.i686
remmina-0.7.5-1.fc13.i686

Comment 4 Christoph Wickert 2010-10-31 00:46:34 UTC
Confirmed, same behavior on Fedora 14, versions of the packages are the same.

I know for sure that remmina has not changed and according to the changelog rdesktop has not changed either. Anyway, the issue is fixed (I never verified it actually existed, I just relied on the bug report).
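
The two launch styles named in the description, compared in an added example (not code from remmina, rdesktop or this bug report): a stand-in child process is started once with the password on its command line and once with "-p -" plus the password written to its standard input, and the parent then reads /proc/<pid>/cmdline, which is where ps gets the argument list on Linux. The stand-in child, the sample password and the function names are assumptions made for the example.

```python
import subprocess
import sys

SECRET = "s3cret-constructed"  # constructed sample password, not a real credential

# Stand-in for the RDP client (assumption): read one line from stdin, then idle
# long enough for the parent to inspect the process table.
CHILD = "import sys, time; sys.stdin.readline(); time.sleep(30)"


def visible_argv(pid):
    """Return the argument list any local user can read for pid (what ps prints)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [arg.decode() for arg in f.read().split(b"\0") if arg]


def launch(password, via_stdin):
    """Start the stand-in child and return its argv as seen through /proc."""
    argv = [sys.executable, "-c", CHILD, "-u", "user-name"]
    # "-pPASSWORD" puts the secret in argv; "-p -" keeps it out of argv.
    argv += ["-p", "-"] if via_stdin else ["-p" + password]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if via_stdin:
            # The secret travels over a private pipe, not the process table.
            proc.stdin.write(password.encode() + b"\n")
            proc.stdin.flush()
        return visible_argv(proc.pid)
    finally:
        proc.kill()
        proc.stdin.close()
        proc.wait()


def leaks(password, via_stdin):
    """True if the password appears in the child's world-readable argv."""
    return any(password in arg for arg in launch(password, via_stdin))


if __name__ == "__main__":
    print("argv style leaks: ", leaks(SECRET, via_stdin=False))
    print("stdin style leaks:", leaks(SECRET, via_stdin=True))
```

A client that overwrites the argument after startup would produce a masked listing like the one in Comment 3, but the original string is still readable between exec and the overwrite, so keeping the password out of argv is the only approach that never exposes it.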

